Description of the vulnerability

Microsoft Visual Studio: memory corruption via __asm Generated Code

Synthesis of the vulnerability

An attacker can trigger a memory corruption via __asm Generated Code of Microsoft Visual Studio, in order to trigger a denial of service, and possibly to run code.

Impacted products: Visual Studio.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/05/2019.
Identifiers: VIGILANCE-VUL-29203, ZDI-19-448.

Description of the vulnerability

An attacker can trigger a memory corruption via __asm Generated Code of Microsoft Visual Studio, in order to trigger a denial of service, and possibly to run code.

Microsoft Visual Studio: vulnerabilities of July 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

Impacted products: Visual Studio.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/12/2018.
Identifiers: CVE-2018-8172, CVE-2018-8232, VIGILANCE-VUL-28011.

Microsoft DIA SDK: memory corruption via msdia.dll

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious PDB file, to generate a memory corruption in msdia.dll of Microsoft DIA SDK, in order to trigger a denial of service, and possibly to execute code.

Impacted products: Visual Studio.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 21/05/2014.
Identifiers: CVE-2014-3802, VIGILANCE-VUL-14778, ZDI-14-129.

Description of the vulnerability

The Microsoft DIA SDK product can be installed with Visual Studio.

The debugger uses files in PDB format. However, a malformed PDB file corrupts the memory of msdia.dll.

An attacker can therefore invite the victim to open a malicious PDB file, to generate a memory corruption in msdia.dll of Microsoft DIA SDK, in order to trigger a denial of service, and possibly to execute code.